{pkgs, ...}: let secrets = import ../modules/secrets.nix; in rec { # Mail server mailserver = rec { enable = true; enableManageSieve = true; domains = [ "${secrets.jimDomain}" ]; fqdn = "mx.${secrets.jimDomain}"; certificateScheme = "acme-nginx"; localDnsResolver = false; redis.port = 1515; # A list of accounts, passwords generated with nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' loginAccounts = { "noreply@${secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "noreply" secrets.noreplyMailHash; sendOnly = true; }; "jimbo@${secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "jimbo" secrets.jimboMailHash; aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; }; "lunamoonlight@${secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "luna" secrets.lunaMailHash; aliases = [ "us@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; }; "freecorn1854@${secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "freecorn" secrets.freecornMailHash; aliases = [ "canada@${secrets.jimDomain}" "contact@${secrets.jimDomain}" ]; }; "tinyattack09@${secrets.jimDomain}" = { hashedPasswordFile = pkgs.writeText "tiny" secrets.tinyMailHash; }; }; }; # Related services services = { # Roundcube mail server roundcube = { enable = true; hostName = "mail.${secrets.jimDomain}"; extraConfig = '' $config['smtp_server'] = "tls://${mailserver.fqdn}"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; ''; }; # Force the mailserver to use a different redis port redis.servers.rspamd.port = 1515; # The hostname mail ports use nginx.virtualHosts."mx.${secrets.jimDomain}" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:1390"; proxyWebsockets = true; }; }; }; }